From 5a0869a771f65f87fa2a4ed402fb1f3597b92198 Mon Sep 17 00:00:00 2001 From: Matthias Piepkorn <mpiepk@gmail.com> Date: Sun, 05 Feb 2017 11:32:25 +0000 Subject: [PATCH] Handle service ticket validation on proxyValidate endpoint, return error on proxy endpoint --- src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java | 15 +++++++-------- 1 files changed, 7 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java index a3d80df..57b0da0 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java @@ -35,8 +35,8 @@ public Response build() { MultivaluedMap<String, String> params = uriInfo.getQueryParameters(); String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM); - boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM)); - boolean gateway = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.GATEWAY_PARAM)); + boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM); + boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM); checkSsl(); checkRealm(); @@ -46,8 +46,12 @@ // So back button doesn't work CacheControlUtil.noBackButtonCacheControlHeader(); + if (renew) { + clientSession.setNote(CASLoginProtocol.RENEW_PARAM, "true"); + } + this.event.event(EventType.LOGIN); - return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event, renew), gateway, false); + return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event), gateway, false); } private void checkSsl() { @@ -82,11 +86,6 @@ if (!client.isEnabled()) { event.error(Errors.CLIENT_DISABLED); throw new ErrorPageException(session, Messages.CLIENT_DISABLED); - } - - if (client.isBearerOnly()) { - event.error(Errors.NOT_ALLOWED); - throw new ErrorPageException(session, Messages.BEARER_ONLY); } redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client); -- Gitblit v1.9.1